The trusted insider

The trusted insider.

Helping organisations protect themselves against trusted insiders

I attended the Security in Government (SIG) conference in Canberra earlier this month. I am somewhat biased, but I think that SIG is probably the best annual security related gathering in Australia.

If you compare it to a lot of international gatherings SIG certainly holds its own. Although, the US and German conferences in particular have glitz and size, the quality of the discussion and the more intimate nature is refreshing. SIG, as you may have guessed is primarily targeted at government, but there are good lessons for all organisations to be had there. Ok, enough of the fanboy …

The 2014 SIG theme was the ‘trusted insider’. Whilst the discussions were often very good, I wondered whether there are additional approaches to reducing the problem of the trusted insider. These approaches focus more on the relationship between employees and their organisations.

Who are the trusted insiders?

A trusted insider is somebody who uses their privileged access to cause harm to their employer or their interests. I’ll be a bit controversial here and note that, whether these people are traitors, spies or whistle-blowers depends somewhat on perspective. In any case these people evoke strong almost visceral emotions in many people.

Why are organisations so concerned about the trusted insider?

Despite fears about rogue hackers attacking organisations from the outside, the trusted insider is still considered the biggest threat to an organisation. In Australia and overseas, trusted insiders ‘going rogue’ have caused the significant damage to national security, government agencies and private organisations. The harm done can be from loss of secrets, money or even life.

Secrets: The most glaring examples in the information security space have probably come out of the USA in recent times. People like Edward Snowden and Chelsea (Bradley) Manning spring to mind in the national security sphere. However, some Swiss banks have also been stung by Bradley Birkenfield whom some in those establishments might call a trusted insider and the US tax agency would call a whistle-blower!

Money: Fraud is probably the most significant threat to private organisations from trusted insiders, particularly those in the finance and insurance industry. Sometimes the size of an event can be enormous, such as when $2billion was lost in 2011 through ‘unauthorised transactions’ in a Swiss bank.

Life and property: Whilst we often focus on loss of information confidentiality, trusted insiders were also responsible for assassinating the Indian Prime Minister Indira Gandhi in the 1980s and shooting fellow soldiers in the USA and Afghanistan in the last decade. There have also been a number of cases of ‘issue motivated’ insiders harming organisations by damaging plant and equipment.

What motivates the trusted insider? C.R.I.M.E.S.

The motivations of trusted insiders are varied, however they broadly fit under the standard drivers of criminal behaviour as described by the mnemonic ‘crimes’.

Coercion – being forced, blackmailed or intimated

Revenge – for a real or perceived wrong, it could be about disaffection and or a grudge

Ideology – radicalisation or advancement of an ideology /religious objective

Money – for cash, profit, dosh, moolah – whatever you call it, and/or

Exhilaration or Ego– for the excitement or because they think that they are in someway cleverer than their compatriots – Christopher Cook seemed driven by the excitement..
The USA’s “worst intelligence disaster” was Robert Hanssen, who might be described as an egomaniac.

Sex and personal relationships. The combination of sex and coercion is a lethal one.

Of course, some are also mentally fragile and may not have a motivation that is exactly clear to others.

End of part 1

In the coming part, we talk about some approaches to the trusted insider problem.